[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Do ipsec vendors care about privacy?
Hugo Krawczyk wrote:
> A couple of messages in this thread remind us that the WG decided
> that protecting the responder's identity from active attacks is preferable
> to protecting I's identity from such attacks. That's true, and I do NOT
> suggest to change that decision in the general case.
One issue, I think, we have to consider is that when we are using EAP
authentication we are no longer protecting IDr. Even if in a previous
message I state that it is not so crucial, i think that we can do
something to ensure a grade of protection on IDr at no cost.
What I was thinking about is:
Supposing that the responder can send EAP(Request,MD5) (for exaple)
without knowing IDi. In that case to ensure a grade of protection on IDr
we can force the use of IDr in message 3. If the iniziator doesn't know
one of the IDr she cannot procede, and the responder will not expose his ID:
Initiator Responder
----------- -----------
HDR, SAi1, KEi, Ni -->
<-- HDR, SAr1, KEr, Nr, [CERTREQ]
HDR, SK {[CERTREQ,] IDr,
SAi2, TSi, TSr} -->
<-- HDR, SK {IDr, [CERT,] AUTH,
EAP }
...
...
As you can see Alice *MUST* use IDr, otherwise Bob will send her a Type
7 NOTIFY MESSAGES (INVALID-SYNTAX).
What do the others think about?
--
------------------------------------------------
Antonio Forzieri
CEFRIEL - Politecnico di Milano
Tesista Area E-Service Tecnologies
Tel: 02-23954.334 - email: forzieri@cefriel.it
ICQ# 177683894
------------------------------------------------